package example.hellosecurity.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class MysecurityController {


    /*
    * 必须包含admin:write 或者guest:write权限的登录用户才可以访问
    * @PreAuthorize 方法执行前，校验权限是否瞒足 注解相当于access方法
    * 属性 value -字符串，提供access方法动态表达式，如hasRole('ROLE_xxx')  hasAuthority("xx")
    * PostAuthorize 方法执行结束后，校验权限是否瞒足，很少使用
    * */

@RequestMapping("/all/write")
@ResponseBody
@PreAuthorize("hasAnyAuthority('admin:read','guest:write')")
    public String allWrite(){
    return "所有用户写操作";
    }

/*
* 必须拥有权限admin:write的登录用户才可以登录
* */


    @RequestMapping("/admin/write")
    @ResponseBody
    @PreAuthorize("hasAnyAuthority('admin:write')")
    public String adminWrity(){

        return "管理员写作";

    }



/*
    * 任意用户读取
    * *//*

    @RequestMapping("/all/read")
    @ResponseBody
    @Secured({"ROLE_管理员","ROLE_访客"})
    public String showallRead(){
   return "任意用户读取";
    }
    */
/*
    * 只能是管理员访问
    * *//*

    @RequestMapping("/admin/read")
    @ResponseBody
    @Secured("ROLE_管理员")
    public String getUser(){
    return "管理员访问";
    }
    */
/*
    * 只能访客角色访问
    * *//*


@RequestMapping("/guest/read")
@ResponseBody
@Secured("ROLE_访客")
public String getRead(){
return "访客读取";
}
*/





    /*
    * 错误登录页面请求跳转
    * */
/*    @RequestMapping("/failure")
    public String show(Model model){
        //是否登录失败
    model.addAttribute("msg","T");
    return "error";
    }*/

/*
* 登录成功跳转页面
* */
    @RequestMapping("/toMain")
public String toMain(){
return "mian";
}

/*
* 登录首页
* */
    @RequestMapping("/toLogin")
    public String toLogin(){

        return "login";

    }

    @RequestMapping("/laile")
    @ResponseBody
    public String show(){
    return "来了老弟";
    }

    @RequestMapping("/laile/nihao")
    @ResponseBody
    public String show1(){
        return "/laile/nihao";
    }

    @RequestMapping("/laile/write")
    @ResponseBody
    public String show3(){
        return "/laile/write";
    }
}
